Flash Security
A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Reader, permission to handle data across multiple domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain must host a cross-domain policy file that grants access to the source domain before the client will continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections. For complete details, download the cross-domain policy file specification below. The specification is a reference for the structure and use of cross-domain policy files.
The ExternalInterface class is an application programming interface that enables straightforward communication between ActionScript and the SWF container, for example, an HTML page with JavaScript or a desktop application that uses Flash Player to display a SWF file. Using the ExternalInterface class, you can call an ActionScript function in the Flash runtime, using JavaScript in the HTML page. The ActionScript function can return a value, and JavaScript receives it immediately as the return value of the call. The ExternalInterface class requires the user's web browser to support either ActiveX® or the NPRuntime API that is exposed by some browsers for plug-in scripting. Even if a browser and operating system combination are not listed above, they should support the ExternalInterface class if they support the NPRuntime API. See http://www.mozilla.org/projects/plugins/npruntime.html.
For SWF files running locally, calls to APIs are successful only if the SWF file and containing web pages are in the locally trusted security sandbox. Calls to these methods fail if the content is in the local-with-networking or local-with-file system sandbox. The AllowScriptAccess parameter in the HTML code that loads a SWF file controls the ability to perform outbound URL access from within the SWF file. Set this parameter inside the PARAM or EMBED tag. If no value is set for AllowScriptAccess, the SWF file and the HTML page can communicate only if both are from the same domain.
First, I borrowed some open-source code for a class called AjaxRequest, which I have saved as /ajax/AjaxRequest.as. I then created a Flash file called /jsajax.fla which exports to the final SWF file, /jsajax.swf. Now, here's the ActionScript code that comprises the first and only frame of the Flash file: So far so good.